Help with Proxmox Trunk Port Setup – Letting OPNsense Handle VLANs,DHCP etc

E

evil_evo_prox

New Member
Jun 14, 2025
2
0
1
Hi all,


I'm currently working on a Proxmox VE setup and need some help getting VLAN trunking to work properly. I'm aiming for a setup where Proxmox does not handle any VLANs—I want all VLAN configuration to be done inside my OPNsense VM.

Team, please note I did read few threads here also tried those fixes, but nothing is working for me.


My Setup:​


  • Proxmox VE Host
    • Hosting OPNsense VM as my firewall/router
  • Physical Server NICs:
    • NIC1 – Connected to WAN (goes directly to ISP)
    • NIC2 – Connected to LAN (goes to managed switch)
  • Managed Switch: MikroTik
    • Port connected to NIC2 is configured as a trunk port (carrying VLANs)

What I'm Trying to Do:​


  • Let OPNsense handle all VLANs
  • Trunk all VLANs from switch → Proxmox NIC2 → OPNsense VM
  • No VLAN configuration on Proxmox host itself

What Works:​


  • I’ve assigned a management IP to the Proxmox host via NIC2 (no VLAN).
  • OPNsense can get WAN and LAN IPs (LAN is untagged during testing).
  • When testing with untagged LAN, connectivity works fine.

What Doesn’t Work:​


  • When I connect Proxmox LAN to the MikroTik trunk port (VLAN 100 for LAN):
    • OPNsense LAN interface is assigned VLAN 100
    • No DHCP / no connectivity from OPNsense LAN
    • It seems VLAN tags are not reaching the VM or being stripped by Proxmox?

Simplified Diagram:​

[ISP]
|
[NIC1 - WAN]
|
[ Proxmox VE Host ]
|
[NIC2 - LAN (trunk port)]
|
[MikroTik Switch - Trunk Port]
|
[Other VLAN Devices]

|
VM (OPNsense)
- WAN (bridged to NIC1)
- LAN (VLAN 100 on NIC2 trunk)


My Goal:​


  • Have the OPNsense VM receive VLAN-tagged traffic directly via NIC2
  • No VLAN interfaces or bridges on Proxmox host itself—just passthrough

What I’ve Tried:​


  • Bridging NIC2 directly to OPNsense LAN interface
  • No VLAN-aware bridges on Proxmox
  • OPNsense has VLAN 100 interface added on its side

Question:​


How can I configure Proxmox to just pass VLAN-tagged traffic to the OPNsense VM without interpreting or altering it?


Any help or examples would be greatly appreciated!

Current config

# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp2s0 inet manual

iface eno1 inet manual

iface enx0c37961577f3 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.27.27.10/24
gateway 10.27.27.5
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
mtu 1500
#LAN

iface wlp0s20f3 inet manual

auto vmbr1
iface vmbr1 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#WAN
source /etc/network/interfaces.d/*




Thanks!
 
Last edited:
After extensive testing, I finally managed to get everything working. This solution is ideal for people who only have two physical NICs and want OPNsense to handle all VLAN routing. Below are the steps you can follow:



️ Step 1: Create Linux Bridges​


You’ll start by creating two Linux bridges:


  • NIC 1 (WAN): Assign this to vmbr0
  • NIC 2 (LAN/MGMT): Assign this to vmbr1
    • Most likely your LAN/MGMT interface (vmbr1) will be assigned a static IP for management access to Proxmox.


Step 2: Install Open vSwitch​


Before creating VLAN-aware bridges, install Open vSwitch:


apt update
apt install openvswitch-switch


Step 3 (Proxmox GUI): Create Open vSwitch (OVS) Bridge and VLAN Ports​


️ 1. Open the Proxmox Web Interface​


Go to Proxmox GUI → Datacenter → Node (your server) → System → Network



➕ 2. Add an OVS Bridge (​


  1. Click "Create" → "OVS Bridge"
  2. Set the following:
    • Name: vmbr2
    • Bridge ports: (leave empty for now)
    • Comment: optional description like "VLAN trunk bridge"
  3. Click "Create"
  4. Apply Configuration or reboot later if needed.


➕ 3. Add OVS IntPorts for VLANs (e.g., VLAN 10, VLAN 20)​


Repeat the steps below once for each VLAN you need (e.g., VLAN 10 and 20):


  1. Click "Create" → "OVS IntPort"
  2. Set:
    • Name: vlan10 (or vlan20)
    • Bridge: vmbr2
    • VLAN Tag: 10 (or 20)
    • Type: leave as internal
    • Comment: optional, e.g., "VLAN 10 interface"
  3. Click "Create"


Step 4: Attach Interfaces to OPNsense VM​


Now attach the following three bridges to your OPNsense VM:


  • vmbr0 (WAN)
  • vmbr1 (LAN/MGMT – for initial configuration access)
  • vmbr2 (VLAN trunk)

✅ Note:
Connecting vmbr1 (LAN) to the OPNsense VM is important so that you can initially assign vtnetX interfaces inside OPNsense to WAN, LAN, and OPT interfaces.
Click to expand...


️ Step 5: Configure VLANs in OPNsense​


  • Boot the OPNsense VM.
  • Go to Interfaces → Assignments.
  • Create and assign VLAN interfaces (e.g., VLAN 10, VLAN 20) to the trunk port (which maps to vmbr2).
  • Configure DHCP or static IPs as needed on each VLAN.


Step 6: Move Physical NIC from vmbr1 to vmbr2 (for VLAN Trunking)​


Now that configuration is complete:


  1. In Proxmox GUI → Network, locate vmbr2.
  2. Add the physical NIC (previously used by vmbr1) to vmbr2 as a bridge port.
  3. You must first remove that NIC from vmbr1 before adding it to vmbr2.

This change will enable VLAN trunking to pass through OVS and allow OPNsense to route all VLAN traffic.
 
You must log in or register to reply here.
Top Bottom